Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
Prevent SFTP login
« previous
next »
Print
Pages:
1
[
2
]
Author
Topic: Prevent SFTP login (Read 13983 times)
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Prevent SFTP login
«
Reply #15 on:
January 29, 2018, 05:39:03 pm »
sounds good. but I would hardcode "wheel" to prevent a lockout of root and a user may add additional groups.
Logged
franco
Administrator
Hero Member
Posts: 17656
Karma: 1610
Re: Prevent SFTP login
«
Reply #16 on:
January 29, 2018, 05:41:55 pm »
That should make sure of it?
https://github.com/opnsense/core/blob/master/src/etc/rc.subr.d/recover#L34
And all GUI groups are added to the system, so that should all play out as it should.
Cheers,
Franco
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Prevent SFTP login
«
Reply #17 on:
January 29, 2018, 06:07:43 pm »
I mean the sshd_config setting should be "AllowdGroups wheel custom_group1 custom_group2" where the default is "admin" as the first custom group so it is as hardened as possible and it will be hard to lockout root without changing the code.
Logged
franco
Administrator
Hero Member
Posts: 17656
Karma: 1610
Re: Prevent SFTP login
«
Reply #18 on:
January 29, 2018, 06:15:43 pm »
Good point, sure.
But we have to do stuffing in that case:
Setting is on, e.g. "admins":
AllowedGroups wheel admins
(does not support multi-select)
Settings is off:
#AllowedGroups nope
(not restricted as it is now)
Cheers,
Franco
Logged
franco
Administrator
Hero Member
Posts: 17656
Karma: 1610
Re: Prevent SFTP login
«
Reply #19 on:
January 31, 2018, 10:21:06 pm »
As discussed....
https://github.com/opnsense/core/commit/4cdfe13bc
I don't think this will hit 18.1.1, but 18.1.2 is likely.
Cheers,
Franco
Logged
namezero111111
Jr. Member
Posts: 94
Karma: 10
Re: Prevent SFTP login
«
Reply #20 on:
February 01, 2018, 02:54:22 pm »
Awesome; I'm excited about the response :}
Logged
Print
Pages:
1
[
2
]
« previous
next »
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
Prevent SFTP login